Would it make sense if WiFi portals had a password to connect to the wifi too?

Question

It is often told that public open hotspots are dangerous because other can listen in.

Would it make any difference if there were a known password to log in to the network, and then a token/ticket/payment on the portal before getting internet access?

Is there even a problem if the access point is set up with client isolation?

Or does knowing the password mean you can just pick up the data "from the air" without connecting to the hotspot/AP?

By password, are you referring to the network as having a WPA security key? Or are you still talking about unencrypted wifi? — Dan Landberg, Aug 01 '18 at 16:55
Ok. That usual password is an encryption key. I'll add my answer. — Dan Landberg, Aug 01 '18 at 17:14

score 1 · Answer 1 · answered Aug 01 '18 at 17:20

If an attacker is able to access a wifi network (either an open one, or has the security key for it), he or she is able to see all of the traffic that is being sent to other users on that network segment, even if he or she is not connected (associated) with the access point. Additionally, the attacker may also be able to perform a Man-in-the-middle or Man-on-the-side attack where he/she is able to alter the data that is sent to the victim's machine.

Adding the encryption key only adds security if the attacker does not know it. Once the attacker has it, it's basically the same as an open wifi network.

Connections to "open" wi-fi networks will be encrypted with individual keys starting with WPA3. This should also protect the data of 1 key-knowing user from snooping by another key-knowing user. It is called "Individual data encryption." https://www.pcmag.com/article/362111/what-is-wpa3 — Owen, Aug 01 '18 at 18:30

Would it make sense if WiFi portals had a password to connect to the wifi too?

1 Answers1